
14 CISPA papers at S&P 2026

The IEEE Symposium on Security and Privacy is the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The 47th IEEE Symposium on Security and Privacy will be held on May 18-21, 2026 at the Hilton San Francisco Union Square, San Francisco.

Large-scale vulnerability notifications are intended to help hosting providers identify and fix security weaknesses that attackers could exploit for data breaches or phishing campaigns. Despite many efforts to improve these notifications, remediation rates have remained low. This study provides the first detailed examination of how hosting providers internally process such notifications and which organizational factors affect their effectiveness.

Giada Stivala, Rafael Mrowczynski, Maria Hellenthal, and Giancarlo Pellegrino from CISPA interviewed 24 hosting providers (HPOs) across shared hosting and web development services. The findings show that many providers do routinely receive and process vulnerability notifications. However, challenges often arise from complex infrastructures and unclear communication channels. More importantly, many providers view vulnerabilities in web applications as the responsibility of their customers rather than the hosting company itself. Economic pressures also play a major role: low hosting fees and large numbers of daily security incidents discourage extensive preventive or reactive security measures. Providers additionally reported that website owners tend to underestimate security risks or lack sufficient technical expertise.

The study suggests that the limited success of vulnerability notifications cannot be explained by communication design alone. Organizational structures, economic incentives, and differing understandings of responsibility within the hosting industry are equally important factors. These insights may help improve future cybersecurity strategies and support clearer divisions of responsibility between providers and customers.

Transient execution attacks such as Meltdown, Foreshadow, and MDS revealed fundamental security weaknesses in modern processors. However, research on these attacks is becoming increasingly difficult because vulnerable CPUs are now rare and experimental setups are hard to compare or share. This complicates both the development of new defenses and education in CPU security.

Tristan Hornetz, Lukas Gerlach, and Michael Schwarz from CISPA introduce Crucible, a software-based framework that simulates Meltdown-like vulnerabilities on any x86 processor. The system reproduces key effects of transient execution, including cache leakage, transient execution windows, and the behavior of speculation barriers. According to the results, Crucible can execute unmodified public proof-of-concept programs and even complete exploits on hardware that is not actually vulnerable. The authors reproduced several existing attacks, including the extraction of VeraCrypt keys with Meltdown. The framework can also be combined with modern fuzzing tools to automatically detect vulnerabilities and compare different detection approaches under controlled conditions.

The work could make long-term research and education in processor security more accessible. Vulnerabilities that are difficult to reproduce on current hardware can still be analyzed systematically and used in future testing and training environments.

Cryptographic protocols form the foundation of secure Internet communication. Any flaw in their design can have far-reaching consequences, which is why their security is often verified mathematically using specialized analysis tools. This process becomes especially difficult for complex protocols involving many participants, dynamic behavior, or unbounded data structures. The DY* verification framework was developed to address precisely these challenges and has already been used to analyze protocols such as Signal and ACME.

CISPA researcher Théophile Wallez identifies two fundamental limitations in the existing DY* approach: security proofs for individual protocol components could not previously be combined modularly, and the description of possible compromise scenarios remained too restrictive. To address these issues, the paper presents a substantially revised version of DY*. The new framework enables modular security proofs and significantly expands the modeling of possible attack scenarios.

These improvements are intended to support the analysis of larger and more complex communication protocols. According to the paper, the updated version of DY* has already been used successfully in the security analysis of the TreeKEM protocol, which is relevant for modern group communication systems. The work could contribute to making the verification of complex Internet protocols more reliable and scalable in the future.

Text-to-image (T2I) models such as Stable Diffusion enable the creation of AI-generated child sexual abuse material (AIG-CSAM) on an unprecedented scale. Training data filtering has been called the "gold standard" approach to disable unwanted capabilities in T2I models. This paper evaluates the effectiveness of filtering child images from training datasets of T2I models to prevent model misuse to create CSAM.

Ana-Maria Cretu from CISPA, together with Klim Kireev and Carmela Troncoso from EPFL & MPI-SP, Amro Abdalla, Wisdom Obinna, Sarah Adel Bargal and Elissa M. Redmiles from Georgetown University, and Raphael Meier from armasuisse S+T, first propose a cryptography-inspired security definition to capture the difficulty of preventing AIG-CSAM generation. Second, the authors show that existing filtering methods cannot completely remove all images of children from datasets. Third, using an ethical proxy for CSAM, a child wearing glasses, the authors further show that current child filtering methods offer limited protection to closed-weight models and no protection to open-weight models, which can be fine-tuned to re-introduce the concept with low effort even if filtering is perfect. At the same time, filtering can affect the generation of child-related concepts, such as mother or playground, by hindering the rate at which these concepts are generated or changing their representation. Finally, the authors outline challenges in conducting evaluations that establish robust evidence on the impact of training data filtering defenses for CSAM.

URL scanning services are widely used to detect malicious websites and protect users from phishing and malware. However, many of these services publicly index scanned URLs, which can unintentionally expose sensitive information when the indexed URLs lead to private resources.

Together with Shubham Agarwal from Max Planck Institute for Security and Privacy and Stefano Calzavara from Università Ca’ Foscari Venezia, the CISPA researchers Ali Mustafa, Jannis Rautenstrauch, Florian Hantke, and Ben Stock conducted the first systematic investigation into how frequently such privacy issues occur. To do so, they developed LEAKYLINKS, an automated analysis framework that filters potentially sensitive URLs and uses large language models to identify sensitive personal information (SPI). Over a three-week period, they analyzed public data feeds from six major URL scanning services. Among more than 332,000 examined URLs, they identified over 4,000 links exposing sensitive information with a precision of 97%.

The authors also created specially designed honeypages to test whether publicly indexed URLs are actively accessed by third parties. Their measurements show that external entities do visit such links, in some cases from suspicious IP addresses displaying behavior associated with automated reconnaissance or opportunistic attacks.

The study demonstrates that security services themselves can unintentionally introduce new privacy and security risks. The findings may help improve the handling of sensitive information in future automated security analysis systems.

Code-reuse attacks remain one of the most prominent methods for bypassing security mechanisms in modern software. Although numerous protection techniques have been proposed, their practical deployment often fails due to compatibility and integration challenges. Intel CET is currently regarded as the most important defense mechanism available on recent Intel processors. This hardware-based approach monitors program control transfers, but it mitigates such attacks only partially: manipulated function pointers can still be used to invoke arbitrary functions across module boundaries.

CISPA researchers Apostolos Chatzianagnostou, Marcos Sanchez Bajo, and Christian Rossow present PLaTypus, a new security mechanism that builds on Intel CET and aims to address this limitation. The approach restricts indirect control-flow transfers targeting external modules within the virtual address space by using lightweight address masking. Function calls between different libraries remain possible only through designated interfaces, namely the Procedure Linkage Tables used in Linux. In experiments involving 19 applications and 16 shared libraries, including glibc, PLaTypus reduced the number of potentially reachable functions across module boundaries by more than 98 percent. At the same time, the performance overhead remained low: applications such as Nginx and Redis exhibited performance losses of less than 0.5 percent.

This work demonstrates that additional protection mechanisms can selectively complement existing hardware security features. Consequently, future software systems could be better protected against modern attacks without incurring noticeable performance penalties in everyday use.

Processor caches have long been known to leak information across isolation boundaries. Traditional cache attacks usually rely on precise timing measurements to distinguish fast and slow memory accesses. However, modern processors and operating systems increasingly restrict timer precision and access to hardware counters, making many existing attacks less practical.

CISPA researchers Fabian Thomas and Michael Schwarz introduce I2SC, a new timer-free cache side-channel attack targeting RISC-V, ARM, and LoongArch processors. The method exploits inconsistencies between instruction and data caches. Under certain conditions, a processor may continue executing stale instructions from the cache even after the instructions have been modified. This creates observable architectural differences that can reveal information about internal cache states. The authors evaluated I2SC on 18 processor microarchitectures and found 12 to be vulnerable. To demonstrate the practical impact, they implemented several complete attacks, including AES key recovery and a Spectre-style attack with reliability comparable to or better than previous timing-based approaches.

The study shows that cache side-channel attacks remain possible even without precise timing measurements. According to the findings, software-based defenses alone may not be sufficient to fully prevent such attacks. Long-term mitigation may therefore require changes at the hardware level.

Substantial reduction in launch and manufacturing costs has resulted in the accelerated deployment of small satellite missions, with commercial off-the-shelf (COTS) components becoming the prevailing standard for specific subsystems. This modular approach is cost-effective and flexible, but it also introduces new security risks. The communication subsystem is particularly critical because it must remain continuously accessible and serves as the entry point for command and control.

Together with Martin Strohmeier and Mathias Fischer, CISPA researchers Ulysse Planta, Julian Rederlechner, and Ali Abbasi investigated attacks targeting such communication modules and analyzed systems from multiple vendors. Their analysis uncovered severe vulnerabilities in firmware, protocols, and system architecture. By correlating their findings with publicly available telemetry data, the authors conclude that at least 28 missions currently in orbit could be vulnerable to hostile takeover.

The study highlights that satellite communication systems represent a largely underestimated attack surface. This is societally relevant because small satellites are increasingly used for communication, scientific research, Earth observation, and critical infrastructure. Improved security assessments could help more realistically prevent failures, manipulation, and misuse in orbit.

System Management Mode (SMM) is a highly privileged operating mode in modern x86 processors. It handles security-critical tasks such as power management and hardware error processing while having nearly unrestricted access to system resources. Because SMM applications are often written in memory-unsafe programming languages, they represent an attractive target for attackers. Vulnerabilities in this area are especially severe because they may allow attackers to gain deep control over a system.

Qinying Wang and Yi Xiang from Zhejiang University and EPFL, as well as Thorsten Holz from Max Planck Institute for Security and Privacy, together with CISPA researchers Meng Wang and Ali Abbasi, present the SmuFuzz framework, which is specifically designed to detect vulnerabilities in closed-source SMM applications. The approach simulates parts of the UEFI runtime environment so that applications can be executed more realistically during automated testing. This helps avoid problems that previously often led to incorrect crashes or incomplete analyses. In addition, SmuFuzz automatically analyzes the structure of possible inputs to enable deeper testing of program components.

In their experiments, SmuFuzz achieved substantially higher code coverage than existing tools while significantly reducing false positives. Using the framework, the authors identified 38 previously unknown vulnerabilities in firmware from major vendors. The findings suggest that improved testing methods can help uncover critical weaknesses in highly privileged system components and strengthen the security of modern computer systems.

Confidential computing using virtual-machine-based trusted execution environments (TEEs) is intended to protect sensitive data even from privileged cloud operators. Such technologies are increasingly used for applications ranging from medical data analysis to AI inference. However, many existing deployments do not fully account for microarchitectural side channels. Through indirect signals such as memory-access patterns, attackers may still infer sensitive information even when memory contents remain encrypted.

Together with Hosein Yavarzadeh from University of California San Diego and Google, as well as Albert Cheu, Phillipp Schoppmann, Daniel Moghimi, and Adria Gascon from Google, CISPA researchers Ruiyi Zhang, Lukas Gerlach, Tristan Hornetz, and Michael Schwarz systematically analyze this attack surface for Intel TDX, and reveal four new side channel primitives. Their framework, TDXRay, combines multiple attack techniques to trace the memory access patterns of complex real-world applications in a protected virtual machine. Furthermore, they demonstrate a practical side-channel attack on LLM prompt tokenization, leaking arbitrary prompts with high accuracy in just a single shot.

The findings show that encrypted memory alone is not sufficient to fully protect confidential workloads. The work may help improve the systematic evaluation and mitigation of side-channel risks in future cloud and AI infrastructures.

Years after the discovery of Meltdown and Spectre, transient execution attacks continue to pose significant security risks for modern processors. While Spectre-type vulnerabilities typically abuse well-known features, Meltdown-type vulnerabilities are closer to actual bugs. Hence, discovering Meltdown-type vulnerabilities remains challenging.

The CISPA researchers Daniel Weber, Fabian Thomas, Leon Trampert, Ruiyi Zhang, and Michael Schwarz present TREVEX, a new automated framework for detecting such vulnerabilities. The system analyzes processors as a black box and does not require access to internal hardware descriptions or detailed knowledge of instruction-set semantics. Instead, TREVEX identifies unexpected transient data flows that may indicate security weaknesses. The authors evaluated the framework on 20 processor microarchitectures from Intel, AMD, and Zhaoxin.

Using TREVEX, they discovered a previously unknown vulnerability called FP-DSS affecting AMD processors. According to the study, the flaw could allow even unprivileged software or malicious websites to leak data from other security domains. The framework also identified new variants of previously known vulnerabilities and revealed gaps in existing vendor documentation.

The findings underline that automated analysis tools play an increasingly important role in discovering processor vulnerabilities.

Humanitarian organizations provide assistance in crisis situations by distributing essential goods and services to people in need. In many settings, multiple organizations provide aid in a given region. 

Humanitarian organizations have only limited resources and aim to use these to help as many people as possible. Therefore, organizations want to prevent duplicate registrations, i.e., recipients that register and receive aid from multiple organizations. Yet, non-private deduplication approaches may put vulnerable aid recipients at risk by sharing their data with other organizations.

The CISPA researchers Tim Rausch, Sylvain Chatel, and Wouter Lueks analyzed the needs of humanitarian organizations to identify the requirements for a privacy-friendly deduplication system that is fit for real-life humanitarian missions. 

They designed xDup, a new practical deduplication system that meets the identified requirements of humanitarian organizations and is able to identify duplicate registrations without unnecessarily sharing personal data between organizations.

The xDup system builds on top of secure cryptographic building blocks and introduces a new protocol for fuzzy private set intersection that is more efficient than prior work.

These summaries were created with the help of ChatGPT.